Jose E. Marchesi
2018-09-04 18:48:48 UTC
From: ***@oracle.com
The function `elf64_sparc_slurp_one_reloc_table' in elf64-sparc.c
currently checks that the symbol indexes read in the r_sym fields of
relocations are in range. This is done for both dynamic and
non-dynamic symbols. This avoids subsequent invalid memory accesses.
However, no error is issued to the user.
This patch makes BFD to issue an error when the read symbol index is
out of range, following the same behavior implemented in both the
generic ELF routines and other ELF backends (such as mips64).
Tested in x86_64-linux-gnu, sparc64-linux-gnu, and
--enable-targets=all.
2018-09-04 Jose E. Marchesi <***@oracle.com>
* elf64-sparc.c (elf64_sparc_slurp_one_reloc_table): Issue an
error when an invalid symbol index is retrieved in ELF64_R_SYM of
a relocation seen in an input file.
---
bfd/ChangeLog | 6 ++++++
bfd/elf64-sparc.c | 18 +++++++++++++-----
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 9a3b9b1ec2..22837e0f0e 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2018-09-04 Jose E. Marchesi <***@oracle.com>
+
+ * elf64-sparc.c (elf64_sparc_slurp_one_reloc_table): Issue an
+ error when an invalid symbol index is retrieved in ELF64_R_SYM of
+ a relocation seen in an input file.
+
2018-09-03 Jozef Lawrynowicz <***@mittosystems.com>
Alan Modra <***@gmail.com>
diff --git a/bfd/elf64-sparc.c b/bfd/elf64-sparc.c
index 8c45d3257e..41e1b7acf7 100644
--- a/bfd/elf64-sparc.c
+++ b/bfd/elf64-sparc.c
@@ -97,12 +97,20 @@ elf64_sparc_slurp_one_reloc_table (bfd *abfd, asection *asect,
else
relent->address = rela.r_offset - asect->vma;
- if (ELF64_R_SYM (rela.r_info) == STN_UNDEF
- /* PR 17512: file: 996185f8. */
- || (!dynamic && ELF64_R_SYM(rela.r_info) > bfd_get_symcount(abfd))
- || (dynamic
- && ELF64_R_SYM(rela.r_info) > bfd_get_dynamic_symcount(abfd)))
+ if (ELF64_R_SYM (rela.r_info) == STN_UNDEF)
relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+ else if (/* PR 17512: file: 996185f8. */
+ (!dynamic && ELF64_R_SYM(rela.r_info) > bfd_get_symcount(abfd))
+ || (dynamic
+ && ELF64_R_SYM(rela.r_info) > bfd_get_dynamic_symcount(abfd)))
+ {
+ _bfd_error_handler
+ /* xgettext:c-format */
+ (_("%pB(%pA): relocation %d has invalid symbol index %ld"),
+ abfd, asect, i, (long) ELF64_R_SYM (rela.r_info));
+ bfd_set_error (bfd_error_bad_value);
+ relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+ }
else
{
asymbol **ps, *s;
The function `elf64_sparc_slurp_one_reloc_table' in elf64-sparc.c
currently checks that the symbol indexes read in the r_sym fields of
relocations are in range. This is done for both dynamic and
non-dynamic symbols. This avoids subsequent invalid memory accesses.
However, no error is issued to the user.
This patch makes BFD to issue an error when the read symbol index is
out of range, following the same behavior implemented in both the
generic ELF routines and other ELF backends (such as mips64).
Tested in x86_64-linux-gnu, sparc64-linux-gnu, and
--enable-targets=all.
2018-09-04 Jose E. Marchesi <***@oracle.com>
* elf64-sparc.c (elf64_sparc_slurp_one_reloc_table): Issue an
error when an invalid symbol index is retrieved in ELF64_R_SYM of
a relocation seen in an input file.
---
bfd/ChangeLog | 6 ++++++
bfd/elf64-sparc.c | 18 +++++++++++++-----
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 9a3b9b1ec2..22837e0f0e 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,9 @@
+2018-09-04 Jose E. Marchesi <***@oracle.com>
+
+ * elf64-sparc.c (elf64_sparc_slurp_one_reloc_table): Issue an
+ error when an invalid symbol index is retrieved in ELF64_R_SYM of
+ a relocation seen in an input file.
+
2018-09-03 Jozef Lawrynowicz <***@mittosystems.com>
Alan Modra <***@gmail.com>
diff --git a/bfd/elf64-sparc.c b/bfd/elf64-sparc.c
index 8c45d3257e..41e1b7acf7 100644
--- a/bfd/elf64-sparc.c
+++ b/bfd/elf64-sparc.c
@@ -97,12 +97,20 @@ elf64_sparc_slurp_one_reloc_table (bfd *abfd, asection *asect,
else
relent->address = rela.r_offset - asect->vma;
- if (ELF64_R_SYM (rela.r_info) == STN_UNDEF
- /* PR 17512: file: 996185f8. */
- || (!dynamic && ELF64_R_SYM(rela.r_info) > bfd_get_symcount(abfd))
- || (dynamic
- && ELF64_R_SYM(rela.r_info) > bfd_get_dynamic_symcount(abfd)))
+ if (ELF64_R_SYM (rela.r_info) == STN_UNDEF)
relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+ else if (/* PR 17512: file: 996185f8. */
+ (!dynamic && ELF64_R_SYM(rela.r_info) > bfd_get_symcount(abfd))
+ || (dynamic
+ && ELF64_R_SYM(rela.r_info) > bfd_get_dynamic_symcount(abfd)))
+ {
+ _bfd_error_handler
+ /* xgettext:c-format */
+ (_("%pB(%pA): relocation %d has invalid symbol index %ld"),
+ abfd, asect, i, (long) ELF64_R_SYM (rela.r_info));
+ bfd_set_error (bfd_error_bad_value);
+ relent->sym_ptr_ptr = bfd_abs_section_ptr->symbol_ptr_ptr;
+ }
else
{
asymbol **ps, *s;
--
2.11.0
2.11.0